CVE-2012-0705

InfoSphere Import Export Manager in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 does not validate unspecified input data, which allows remote authenticated users to execute arbitrary commands via unknown vectors.

CVSS v2.0 7.1 HIGH

7.1^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:H/Au:S/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector NETWORK

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21623501	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/73292

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:infosphere_information_server:8.5.0.2:::::::*
	cpe:2.3:a:ibm:infosphere_information_server_metabrokers_\&_bridges:-:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.1:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.5:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.7:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:9.1:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.5.0.1:::::::*

Information

Published : 2013-01-31 04:06

Updated : 2017-08-28 18:31

NVD link : CVE-2012-0705

Mitre link : CVE-2012-0705

JSON object : View

CWE

CWE-20

Improper Input Validation

Advertisement

Products Affected

ibm

infosphere_information_server_metabrokers_\&_bridges
infosphere_information_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501", "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73292", "name": "infosphere-iem-cmd-execution(73292)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "InfoSphere Import Export Manager in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 does not validate unspecified input data, which allows remote authenticated users to execute arbitrary commands via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-0705", "ASSIGNER": "psirt@us.ibm.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-01-31T12:06Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:infosphere_information_server:8.5.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:infosphere_information_server_metabrokers_\\&_bridges:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:infosphere_information_server:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:infosphere_information_server:8.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:infosphere_information_server:8.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:infosphere_information_server:9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:infosphere_information_server:8.5.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-29T01:31Z"}